Two Thirds of Cyber Security Pros Struggle to Define Their Career Paths


According to the results of a recent survey of more than 437 information security professionals, fully 65 percent of respondents struggle to define their career paths and have no clear plan to take their careers to the next level.

The survey, conducted by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA), also found that 56 percent of respondents said their current employers don't provide the cyber security team with the right level of training to keep up with business and IT risk.

Similarly, 44 percent of respondents believe CISO participation with executive management isn't at the right level today -- and that it needs to increase.

"This research paints an escalating and dangerous game of cyber security 'cat and mouse' and today's cyber security professionals reside on the front line of this perpetual battle, often knowing they are undermanned, underskilled and undersupported for the fight," ESG senior principal analyst Jon Oltsik said in a statement.

Forty-six percent of respondents are solicited for jobs at other companies at least once a week.

When asked why CISOs in particular tend to move often after a few years, respondents said CISOs move on when their organizations lack a serious cyber security culture (31 percent), when CISOs aren't active participants with executives (30 percent), and when CISOs are offered higher compensation elsewhere (27 percent).

Still, 79 percent of respondents said they're happy as a cyber security professional.

Fifty-six percent of respondents have a CISSP and feel it's a valuable certification for getting a job and for gaining useful cyber security knowledge -- but respondents were lukewarm on other certifications.

"These conclusions point to the need for business, IT, and cyber security managers, academics, and public policy leaders to take note of today's cyber security career morass and develop and promote more formal cyber security guidelines and frameworks that can guide cyber security professionals in their career development," ISSA Cyber Security Lifecycle (CSCL) chair Candy Alexander said in a statement.

A separate CompTIA study, based on surveys and focus groups with girls between 10 and 17 years old, found that 27 percent of middle school girls have considered a career in tech, but that number drops to 18 percent by high school.

Among those who haven't considered an IT career, 69 percent attribute it to not knowing what opportunities are available to them, and 53 percent say additional information about career options would encourage them to consider a job in IT.

Just 37 percent of girls know someone with a job in IT, though 60 percent of girls who have considered an IT career know someone with a job in the industry.

"Achieving greater gender diversity in our industry requires major changes in the way girls interact with and learn about technology," CompTIA president and CEO Todd Thibodeaux said in a statement. "It will take a concerted, collaborative effort and long-term commitment by parents and role models, teachers and counselors and, most importantly, industry mentors, who can convey their passion about working in tech to future generations."

Last fall, a survey of 3,871 adults worldwide found that the U.S. has the world's worst gender gap in cyber security education.

A recent eSecurity Planet article suggested three ways CISOs can partner with chief data officers.